Public-key cryptography
Public-key cryptography — or asymmetric cryptography — is a cryptographic system in which keys come in pairs. The transformation performed by one of the keys can only be undone with the other key. One key (the private key) is kept secret while the other is made public.
Digital signatures
When used for digital signatures, the private key is used to sign, and the public key is used to verify. This means that anyone can verify a signature, but only the owner of the corresponding private key could have generated it.
Encryption
When used for encryption, the public key is used to encrypt, and the private key is used to decrypt. This gives public-key encryption systems an advantage over symmetric encryption systems: The encryption key can be made public. Anyone can encrypt a message to the owner of the private key, but only the owner of the private key can decrypt it.
However, public-key encryption systems are typically much slower than symmetric algorithms, and the size of the messages they can encrypt is proportional to the size of the key, so they do not scale well for long messages.
As a result, it's common for an encryption system to use a symmetric algorithm to encrypt the messages, then a public-key system to encrypt the symmetric key. This arrangement can confer the benefits of both systems.
Common public-key cryptosystems
Commonly used public-key cryptosystems are RSA (for both signing and encryption), DSA (for signing) and Diffie–Hellman (for key agreement).
Elliptic-curve cryptography offers an alternative approach to these cryptographic systems with the benefit of using comparatively smaller key sizes, faster operations, and smaller storage and transmission. Popular elliptic-curve algorithms include Elliptic-curve Diffie–Hellman and Elliptic Curve Digital Signature Algorithm, which developers will often encounter abbreviated as ECDH and ECDSA.
See also
- Web Crypto API
- SubtleCrypto supported algorithms
- Related glossary terms:
- Public-key cryptography on Wikipedia